Maybe I am missing something about the use of SSLRequireSSL, but I am
trying to control access to a directory so that only connections using SSL
to that directory can be made. But no matter what directory I use that
directive in, non-SSL connections can still connect to anything in that
directory.
I have this in my httpd.conf:
<Directory "/usr/local/apache/1.3.14/htdocs">
SSLRequireSSL
</Directory>
I have also tried using SSLRequire and restricting access but all that
does is deny SSL-connections but allow non-SSL connections.
I'm using StrongHold 3.0 on Solaris and am also trying this on Win2k with
Apache 1.3.14, and I have the same problem in both places. The docs, it
seems, don't seem very clear on this -- I have copied the example straight
out of the mod_ssl manual.
-- Brett
http://www.chapelperilous.net/~bmccoy/
------------------------------------------------------------------------
Labor, n.:
One of the processes by which A acquires property for B.
-- Ambrose Bierce, "The Devil's Dictionary"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
